PDA

View Full Version : Forbidden don't have permission ISPConfig 3


BrainyForge
18th June 2011, 19:05
Hi, I installed 3 ISPonfig after years of glorious ISP2, is
experiencing the following problem and would like a tip where to start
for debugging.
After a certain time and in a repetitive way, all the sites and the panel is not
reached indicating the following error:

Forbidden
You don't have permission to access /index.php on this server.


After a few minutes, everything returns to work, to reappear after 10 minutes.
Excuse my English.

thanks

falko
19th June 2011, 22:10
This might be a load problem on your server. Do you have munin installed to monitor your server load?

BrainyForge
20th June 2011, 08:52
I have not installed Munin, I proceed to do so now.
Other problems since I installed ISP 3:
In one month, three times I had to regenerate the SSL certificates, mysteriously
stop working.
For Munin, there is a track ISPConfig3 particular, I asked
safely use http://www.howtoforge.com/server-monitoring-with-munin-and-monit-on-debian-lenny.

My configurations is Debian6 ISPConfig 3

Thank you for your attention

falko
21st June 2011, 09:35
For Munin, there is a track ISPConfig3 particular, I asked
safely use http://www.howtoforge.com/server-monitoring-with-munin-and-monit-on-debian-lenny.

My configurations is Debian6 ISPConfig 3

Yes, you can use that tutorial.

Is this a physical server or a virtual machine?

BrainyForge
22nd June 2011, 09:35
It is a virtual server. It runs on Xen.
Meanwhile, thanks for your attention

BrainyForge
27th June 2011, 16:02
The problem is increasingly worse making it impossible to use the webmail, and much less able to click more than two pages on sites.

I could not get a munin in operation, permission problems, I'm still working, but the problem has become intolerable, which logs should be analyzed?

I hope in your help, otherwise I can not help but return to ISPconfig2, given my obvious ignorance of this new software.

Thank you for your attention, greetings from an apprentice ISPCONFIG3

falko
28th June 2011, 10:51
I could not get a munin in operation, permission problems,What's the error message?

I hope in your help, otherwise I can not help but return to ISPconfig2
Did your ISPConfing 2 setup run on the same configuration (Xen, etc.)?

Is your VM image-based or LVM-based (see http://www.howtoforge.com/using-xen-with-lvm-based-vms-instead-of-image-based-vms-debian-etch )?

BrainyForge
28th June 2011, 12:56
Munin works, I had problems to write to say the web, but I easily fixed.

I have not had time to check the result, and here's the link to view the charts, just figured out the problem will proceed to the insertion of a pws.

http://www.brainyforge.net/monitoring/

BrainyForge
29th June 2011, 10:06
Hello everyone,:)
doing a bit of control, I observed the following daemon.log, which corresponds to my IP, when I denied access.
Jun 29 08:38:24 ns1 mod_evasive[22104]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:38:28 ns1 mod_evasive[22104]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:38:32 ns1 mod_evasive[22104]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:04 ns1 mod_evasive[22152]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:18 ns1 mod_evasive[22152]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:20 ns1 mod_evasive[22152]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:23 ns1 mod_evasive[22152]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:24 ns1 mod_evasive[22152]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:26 ns1 mod_evasive[22152]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:29 ns1 mod_evasive[22152]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:51 ns1 mod_evasive[20141]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:52 ns1 mod_evasive[22118]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:52 ns1 mod_evasive[21485]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:52 ns1 mod_evasive[20141]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:52 ns1 mod_evasive[20141]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:52 ns1 mod_evasive[20141]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:40:53 ns1 mod_evasive[20141]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:43:01 ns1 dbus-daemon: [system] Reloaded configuration
Jun 29 08:48:06 ns1 mod_evasive[23196]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:48:06 ns1 mod_evasive[23196]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:49:04 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:49:06 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:49:08 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:49:10 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:49:11 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:49:11 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:49:13 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:49:14 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:49:17 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:49:19 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:49:21 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied
Jun 29 08:49:27 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied


I would like help on how to proceed in the search, which other logs should I check.

Thanks

till
29th June 2011, 10:54
The problem is that you installed mod_evasive or a similar apache anti ddos module on the server and you have used too low settings for it, so this module blocked ispconfig. Please change the settings of the anti ddos module that you use to be less strict so that it does not block ispconfig anymore.

BrainyForge
29th June 2011, 11:53
Thanks Till!:)
and to the entire forum.

Problem solved I made the changes indicated by you on this post
http://www.howtoforge.com/forums/showthread.php?t=11488

On DOSCloseSocket I have not included because it gave me the following error:

"Invalid command 'DOSCloseSocket', misspelled or defined by Perhaps a module not included in the configuration server"

I ask you whether you need?
if I understand I have to install the module, right?

However, the problem is solved for now.

Thanks again:D:p

till
29th June 2011, 12:06
It might be that this directive is for a different version of the module, so I guess you can leave that option out.

stars
22nd September 2011, 17:23
Same problem here...

Jun 29 08:49:27 ns1 mod_evasive[26433]: Couldn't open logfile /var/log/apache2/evasive/dos-2.226.20.134: Permission denied

Who should be the owner of this folder /var/log/apache2/evasive? Why it cant write logfiles?

till
22nd September 2011, 17:38
Try to chown the directory to the user that runs apache, e.g. apache or www-data.